EP4080846A1 - Cryptographically protected communication connection between physical components - Google Patents

Cryptographically protected communication connection between physical components (original title: Connexion de communication protégée de manière cryptographique entre les composants physiques)

Info

Publication number: EP4080846A1
Authority: EP (European Patent Office)
Prior art keywords: physical component, digital twin, identification information, proof, authorization
Legal status: Withdrawn (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: EP21169167.0A
Other languages: German (de), English (en)
Inventors: Rainer Falk, Kai Fischer, Steffen Fries, Markus Heintel, Wolfgang Klasen, Aliza Maftun
Current assignee: Siemens AG (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Siemens AG
Priority date: 2021-04-19 (the priority date is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed)
Filing date: 2021-04-19
Publication date: 2022-10-26

Events:
2021-04-19 Application filed by Siemens AG
2021-04-19 Priority to EP21169167.0A
2022-10-26 Publication of EP4080846A1
Withdrawn (current legal status)

Classifications (CPC)

    • H ELECTRICITY; H04 ELECTRIC COMMUNICATION TECHNIQUE; H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION; H04L63/00 Network architectures or network communication protocols for network security
      • H04L63/08 for authentication of entities
        • H04L63/0884 by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
        • H04L63/0869 for achieving mutual authentication
      • H04L63/06 for supporting key management in a packet data network
        • H04L63/062 for key distribution, e.g. centrally by trusted party
      • H04L63/20 for managing network security; network security policies in general
    • G PHYSICS; G06 COMPUTING; CALCULATING OR COUNTING; G06F ELECTRIC DIGITAL DATA PROCESSING; G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
      • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
        • G06F21/44 Program or device authentication
          • G06F21/445 by mutual authentication, e.g. between devices or programs

Definitions

  • The present invention relates to a method for setting up a cryptographically protected communication connection between a first physical component and a second physical component.
  • The invention also relates to an associated physical component, a computer program product and a computer-readable medium.
  • A digital twin is a virtual, digital image of a real, i.e. physical, object, in particular a component, a device, a machine or a plant.
  • A digital twin can also be referred to as an administration shell or asset administration shell.
  • The digital twin is located on an IT system and can be reached via a communication network at an address, in particular an IP address, DNS name or URL.
  • Data from the real object is mapped into its digital twin via a communication interface, either directly or indirectly via other systems or components that can communicate with the real object and its digital twin.
  • In the future, real objects will interact with each other dynamically and flexibly. There is a need for real objects to communicate with other objects or components with which they previously had no communication relationship.
  • The real objects and/or the further objects can in particular be simple sensors or actuators with very limited functions and resources, as well as more complex systems.
  • Secure communication protocols in the automation environment (in particular OPC UA, TLS, IPsec/IKEv2 and MACsec per IEEE 802.1AE), provisioning of credentials as part of an engineering or commissioning phase, the use of key servers for key distribution (in particular the Global Discovery Service for OPC UA and GDOI key servers) and the use of IAM services (in particular OpenID Connect, OAuth 2.0 and Kerberos) are known. With the help of these services it is also possible to distribute an application-specific key or token, which can subsequently be used to secure a further application protocol.
  • The object of the invention is to provide a solution that allows components in the Industry 4.0 environment to communicate securely with one another even if no communication relationship and no security relationship previously existed between these components.
  • The invention results from the features of the independent claims. Advantageous developments and refinements are the subject matter of the dependent claims. Configurations, possible applications and advantages of the invention result from the following description and the drawings.
  • The invention relates to a method for setting up a cryptographically protected communication connection between a first physical component and a second physical component, the first physical component being connected to a first digital twin and the second physical component being connected to a second digital twin.
  • One aspect of the invention is to provide a method in which the trust relationship for a communication relationship between two physical components, the first physical component and the second physical component, is established via their digital twins, and the physical components receive from their digital twins the data needed to establish an adequately secured connection, namely the first credential and the second credential.
  • The invention thus provides a solution for dynamically building up a secure communication relationship without a previously established trust relationship between the physical components.
  • The components identify themselves with identification information, which can also be designated as an identifier, in particular a MAC address, UUID, device type and/or serial number.
  • The physical components forward the identification information of their communication partner to their own digital twin and instruct it to establish a trust relationship that can be used between the physical components.
  • The already established and secured connection between the physical component and its digital twin is used as the communication channel for this. The security of the resulting component-to-component connection therefore rests on this component-to-twin link, which must itself be authenticated and integrity-protected.
  • A connection can then be established between the first digital twin and the second digital twin if no connection already exists between them.
  • The request to set up the connection between the first digital twin and the second digital twin can take the form of a request, in particular a request to establish a trust relationship, which leads to the proof of authorization.
  • The digital twin decides in which form the trust relationship is to be established. In particular, it can take the form of establishing the connection.
  • In one embodiment, the two digital twins communicate via a broker using a publish-subscribe protocol, so that no direct connection between the two digital twins is needed.
  • The request to establish a connection between the first digital twin and the second digital twin and the request to determine a first proof of authorization or a second proof of authorization are made depending on security guidelines, the first identification information and the second identification information. On this basis the digital twins establish a trust relationship on behalf of the physical components. For this purpose, the digital twins mutually authenticate themselves as representatives of their physical components.
  • The first proof of authorization is created by the first digital twin and the second proof of authorization by the second digital twin.
  • First proofs of authorization and second proofs of authorization, which can also be designated as credentials, are generated.
  • A proof of authorization can in particular be embodied as a symmetric key, an asymmetric key, a raw key, or in the form of a certificate, a one-time password or a token.
  • Security guidelines within the meaning of the invention are in particular predeterminable rules or criteria of a configurable policy which can be evaluated to check whether the generation of a first proof of authorization or a second proof of authorization is permissible, or which are used in that generation.
  • The determination of the first proof of authorization or the second proof of authorization can be designed as generation by the first or second digital twin. Additionally or alternatively, an external security server can take over the generation and forward the first proof of authorization or the second proof of authorization to the digital twins.
  • Requesting the determination of the first proof of authorization or the second proof of authorization can be designed such that the first digital twin requests the first proof of authorization from the second digital twin and the second digital twin requests the second proof of authorization from the first digital twin.
  • The first digital twin and/or the second digital twin can receive the respective proof of authorization from another unit, in particular a server.
  • The credentials are transmitted from the digital twins to the respective physical component.
  • A secure, cryptographically protected connection, in particular a communication relationship, is then used between the two physical components based on the credentials negotiated by the digital twins.
  • The invention offers the advantage that physical components can establish a secure communication relationship dynamically and ad hoc, without the necessary credentials having to be provisioned to the components in advance and without the participants having to be known in advance.
  • The components do not have to be part of a common public key infrastructure, which significantly reduces the administrative effort. The resource requirements are reduced, so that components with fewer resources are also able to establish a secure communication relationship. In particular, complex protocol processes for key management and the ongoing maintenance of the trust relationship (e.g. updating root certificates, OCSP queries) can be relocated from the physical component to the digital twin.
  • The invention also relates to the method for setting up a cryptographically protected communication connection between a first physical component and a second physical component, the first physical component being connected to a first digital twin and the second physical component being connected to a second digital twin, seen from the point of view of the first digital twin.
  • The cryptographically protected communication connection between the first physical component and the second physical component is set up with the inclusion of a second proof of authorization, the second proof of authorization being created by the second digital twin.
  • A negotiation of the first credential and/or the second credential can thus be realized directly between the digital twins or via another trusted entity, specifically a management server.
  • In one embodiment, the connection between the first digital twin and the second digital twin is a Transport Layer Security (TLS) connection (TLS 1.2, RFC 5246; TLS 1.3, RFC 8446).
  • With the keying material exporter of RFC 5705, a symmetric key can be exported from the master secret negotiated in the TLS handshake and then made available to the physical components. For TLS 1.3 the exporter is defined in RFC 8446 itself (section 7.5) over the exporter master secret; in both versions the two endpoints obtain the same key only if they use the same label, context and length.
  • A token can be provided via the integration of IAM (Identity and Access Management) services such as OpenID Connect and used for establishing the trust relationship between the digital twins.
  • The security guidelines, in particular a security policy, can be determined dynamically; depending on the policy, among other things the protection goals, the strength of the cryptographic methods and the strength of the proof of authorization or credentials to be used can be determined or negotiated dynamically.
  • The security guidelines or the security policy can in particular be represented by a security level.
  • With a low security level, simple, lightweight cryptographic methods and short keys can be used; with a high security level, correspondingly strong methods and long keys must be used.
  • The security guidelines or the security policy can be specified by the physical components or mutually agreed and communicated to the digital twin.
  • Alternatively, the security policy is determined by the digital twins, in which case the security policy is transferred to the physical component together with the credentials.
  • The connection, in particular the communication relationship, is then secured depending on the security policy and the credentials provided.
  • In one embodiment, a connection is established between the first digital twin and the second digital twin as a function of a first environmental parameter and/or a second environmental parameter.
  • The type of connection and the security level can depend on the first environmental parameter and/or the second environmental parameter.
  • The request for the generation of the first proof of authorization and/or the second proof of authorization is carried out as a function of the first environmental parameter and/or the second environmental parameter.
  • The first proof of authorization and/or the second proof of authorization is only generated if the first environmental parameter corresponds to the second environmental parameter, i.e. is identical to it or deviates from it by no more than a threshold value.
  • Environmental conditions, in the form of environmental parameters of the physical components, are therefore included in the establishment of the trust relationship.
  • The digital twins only establish a connection, in particular a trust relationship, if the environmental conditions of the physical components are similar or identical.
  • The digital twins can also only establish a connection, in particular a trust relationship, if the environmental conditions of the physical components are plausible.
  • The plausibility can be evaluated in particular by comparison with a simulation model or with simulation data.
  • A chronological progression of environmental conditions present in the past can also be evaluated.
  • The invention thus provides a solution for dynamically building up a secure communication relationship that is appropriate to an environment, in particular an automation environment, without a previously established trust relationship existing between the components.
  • The environmental parameters can be detected by sensors and/or autodiscovery mechanisms, in particular existing beacon signals, in particular via Bluetooth. Such broadcast signals are observable by anyone in range, so they serve as a co-location plausibility check in addition to, not instead of, the cryptographic authentication of the twins.
  • In one embodiment, the method has the further step of the first physical component receiving firewall policies from the first digital twin and/or the second physical component receiving firewall policies from the second digital twin, the first digital twin providing the firewall policies for the first physical component and the second digital twin providing the firewall policies for the second physical component.
  • The firewall policies are in particular a firewall filter policy. With it, the permissible protocols (in particular TCP, UDP, HTTP, MQTT, OPC UA), port numbers and the permissible data content, the latter in particular monitored by deep packet inspection, can be limited.
  • The invention also includes a first physical component, the first physical component being designed to set up a cryptographically protected communication connection to a second physical component, the first physical component being connected to a first digital twin and the second physical component being connected to a second digital twin.
  • The invention also includes a computer program product comprising a computer program, wherein the computer program can be loaded into a memory device of a computing unit and the steps of a method according to the invention are carried out with the computer program when it is executed on the computing unit.
  • The invention also includes a computer-readable medium on which a computer program is stored, the computer program being loadable into a memory device of a computing unit, the steps of a method according to the invention being carried out with the computer program when it is executed on the computing unit.
  • FIG. 1 shows a flowchart of the method according to the invention for setting up a cryptographically protected communication connection between a first physical component 1a and a second physical component 2a, the first physical component 1a being connected to a first digital twin 1b and the second physical component 2a being connected to a second digital twin 2b.
  • FIG. 2 shows a schematic representation of the first physical component 1a, the second physical component 2a, the first digital twin 1b and the second digital twin 2b.
  • FIG. 2 illustrates the method steps S1-S7 explained for FIG. 1 in relation to the physical components 1a, 2a and their digital twins 1b, 2b.
  • FIG. 3 shows, in addition to the elements of FIG. 2, a unit 3 for acquiring environmental parameters.
  • A connection is established between the first digital twin 1b and the second digital twin 2b as a function of the first environmental parameter and/or the second environmental parameter.
  • The type of connection and the security level can depend on the first environmental parameter and/or the second environmental parameter.
  • The first environmental parameter and the second environmental parameter can be acquired by the environmental parameter acquisition unit 3.
  • The request S5 for the generation of the first proof of authorization and/or the second proof of authorization is carried out as a function of the first environmental parameter and/or the second environmental parameter.
  • The generation S5 of the first proof of authorization and/or the second proof of authorization is only carried out if the first environmental parameter corresponds to the second environmental parameter, i.e. is identical to it or deviates from it by no more than a threshold value.
  • Environmental conditions in the form of environmental parameters of the physical components 1a, 2a are therefore included in the establishment of the trust relationship.
  • The digital twins 1b, 2b only establish a connection, in particular a trust relationship, if the environmental conditions of the physical components 1a, 2a are similar or identical.
  • The invention provides a solution for dynamically building up a secure communication relationship that is appropriate to an environment, in particular an automation environment, without a previously established trust relationship existing between the components.
  • The unit 3 for detecting environmental parameters can be embodied by a sensor and/or an autodiscovery mechanism, which detects in particular beacon signals, in particular via Bluetooth.
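The method described in the passages above, run end to end: the components exchange identification information, each forwards the peer's identifier to its own digital twin over the already secured link, the twins check their security policy, authenticate each other as representatives of their components, derive the credential and hand it back, and the components then protect their own traffic with it. This is an added Python example and not code from the patent or from Siemens. It simplifies deliberately: the twin-to-twin TLS session and the IAM-issued twin identities are replaced by one twin key shared through an assumed IAM server plus an HMAC challenge-response, the protected component-to-twin link by a MAC over JSON, and the credential by an HMAC-derived symmetric key; all names, identifiers, message layouts and the security-level mapping are assumptions.

```python
import hashlib, hmac, json, secrets

CREDENTIAL_BYTES = {"low": 16, "high": 32}   # assumed reading of the text's "security level"

def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so adjacent fields cannot run together."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def seal(key: bytes, obj: dict) -> bytes:
    """Stand-in for the already secured component<->twin link: JSON body plus MAC."""
    body = json.dumps(obj, sort_keys=True).encode()
    return body + mac(key, body)

def unseal(key: bytes, msg: bytes) -> dict:
    body, tag = msg[:-32], msg[-32:]
    if not hmac.compare_digest(tag, mac(key, body)):
        raise ValueError("component<->twin link: integrity check failed")
    return json.loads(body)

def twin_proof(key: bytes, name: str, own_id: str, peer_id: str, *nonces: bytes) -> bytes:
    """What a twin presents to prove it represents own_id toward the twin of peer_id."""
    return mac(key, name.encode(), own_id.encode(), peer_id.encode(), *nonces)

class PhysicalComponent:   # knows only its identifier, the key of its twin link and received credentials
    def __init__(self, ident: str):
        self.ident, self.link_key, self.twin, self.credentials = ident, secrets.token_bytes(32), None, {}

    def install(self, msg: bytes) -> None:
        info = unseal(self.link_key, msg)
        self.credentials[info["peer_id"]] = bytes.fromhex(info["credential"])

    def connect(self, peer_ident: str) -> None:
        """Forward the peer's identifier to the own twin; install what the twin returns."""
        self.install(self.twin.on_component_request(seal(self.link_key, {"peer_id": peer_ident})))

    def protect(self, peer_ident: str, payload: bytes) -> bytes:
        return payload + mac(self.credentials[peer_ident], self.ident.encode(), payload)

    def verify(self, peer_ident: str, msg: bytes) -> bytes:
        payload, tag = msg[:-32], msg[-32:]
        if not hmac.compare_digest(tag, mac(self.credentials[peer_ident], peer_ident.encode(), payload)):
            raise ValueError(f"{self.ident}: message from {peer_ident} is not authentic")
        return payload

class DigitalTwin:
    """Twins authenticate each other with a twin key from a common IAM server (assumed; stands in for
    mutually authenticated TLS) and derive the credential from both identifiers and both nonces."""
    def __init__(self, name, component, directory, twin_key, allowed_peers, level="high"):
        self.name, self.component, self.directory = name, component, directory
        self.twin_key, self.allowed_peers, self.level = twin_key, set(allowed_peers), level
        directory[component.ident] = self        # how the peer twin finds this twin (stands in for DNS/URL)
        component.twin = self

    def _credential(self, id_a: str, id_b: str, nonce_a: bytes, nonce_b: bytes) -> bytes:
        raw = mac(self.twin_key, b"credential", id_a.encode(), id_b.encode(), nonce_a, nonce_b)
        return raw[:CREDENTIAL_BYTES[self.level]]      # policy decides the credential length

    def on_component_request(self, msg: bytes) -> bytes:   # requesting side
        my_id, peer_id = self.component.ident, unseal(self.component.link_key, msg)["peer_id"]
        if peer_id not in self.allowed_peers:
            raise PermissionError(f"{self.name}: policy forbids a trust relationship with {peer_id}")
        peer, nonce_a = self.directory[peer_id], secrets.token_bytes(16)
        proof_a = twin_proof(self.twin_key, self.name, my_id, peer_id, nonce_a)
        nonce_b, proof_b = peer.accept(self.name, my_id, nonce_a, proof_a)
        if not hmac.compare_digest(proof_b, twin_proof(self.twin_key, peer.name, peer_id, my_id, nonce_a, nonce_b)):
            raise ValueError(f"{self.name}: peer twin {peer.name} failed authentication")
        cred = self._credential(my_id, peer_id, nonce_a, nonce_b)
        return seal(self.component.link_key, {"peer_id": peer_id, "credential": cred.hex()})

    def accept(self, caller_name: str, caller_id: str, nonce_a: bytes, proof_a: bytes):   # responding side
        my_id = self.component.ident
        if caller_id not in self.allowed_peers:
            raise PermissionError(f"{self.name}: policy forbids a trust relationship with {caller_id}")
        if not hmac.compare_digest(proof_a, twin_proof(self.twin_key, caller_name, caller_id, my_id, nonce_a)):
            raise ValueError(f"{self.name}: caller twin {caller_name} failed authentication")
        nonce_b = secrets.token_bytes(16)
        cred = self._credential(caller_id, my_id, nonce_a, nonce_b)
        self.component.install(seal(self.component.link_key, {"peer_id": caller_id, "credential": cred.hex()}))
        return nonce_b, twin_proof(self.twin_key, self.name, my_id, caller_id, nonce_a, nonce_b)

def run_demo():
    """Constructed scenario: a sensor and a PLC that have never met, plus a device not in the PLC twin's policy."""
    twin_key, directory = secrets.token_bytes(32), {}      # twin key: issued by the assumed IAM server
    sensor, plc, other = (PhysicalComponent(i) for i in ("sensor:SN-1001", "plc:SN-2002", "dev:SN-9999"))
    DigitalTwin("twin-sensor", sensor, directory, twin_key, {plc.ident})
    DigitalTwin("twin-plc", plc, directory, twin_key, {sensor.ident})
    DigitalTwin("twin-dev", other, directory, twin_key, {plc.ident})
    sensor.connect(plc.ident)
    same_key = sensor.credentials[plc.ident] == plc.credentials[sensor.ident]
    verified = plc.verify(sensor.ident, sensor.protect(plc.ident, b"temp=21.5")) == b"temp=21.5"
    try:
        other.connect(plc.ident)
        refused = False
    except PermissionError:
        refused = True
    return same_key, verified, refused, len(sensor.credentials[plc.ident])   # (True, True, True, 32)
```

The third device shows why the policy check in accept() matters: its twin holds a valid twin key and passes authentication, but the PLC's twin refuses because that identifier is not in its policy. Authentication of the representative and authorization of the specific pairing are separate decisions, and the component never sees anything but the finished credential.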
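Key export from the twin-to-twin TLS connection, as the RFC 5705 passage above describes, as an added example that is not part of the patent: both twins compute the same symmetric key from handshake values they already share. The TLS 1.2 exporter (PRF over the master secret and the two randoms, RFC 5705) and the TLS 1.3 exporter (HKDF over the exporter master secret, RFC 8446 section 7.5) are implemented from the RFCs with the standard library only; the handshake values, the EXPERIMENTAL label and the context string are constructed assumptions, since in practice they come from the TLS stack.

```python
import hashlib
import hmac
import struct


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 (RFC 5246, section 5): HMAC chained over A(1), A(2), ..."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_exporter(master_secret: bytes, client_random: bytes, server_random: bytes,
                   label: bytes, context, length: int) -> bytes:
    """RFC 5705 keying material exporter for TLS 1.2: PRF over the two randoms.
    With a context (even an empty one) its 2-byte length and value are appended,
    so 'no context' and 'empty context' yield different keys by design."""
    seed = client_random + server_random
    if context is not None:
        if len(context) > 0xFFFF:
            raise ValueError("context too long")
        seed += struct.pack("!H", len(context)) + context
    return p_sha256(master_secret, label + seed, length)


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """TLS 1.3 HKDF-Expand-Label (RFC 8446, section 7.1) with SHA-256."""
    full = b"tls13 " + label
    if len(full) > 255 or len(context) > 255:
        raise ValueError("label or context too long")
    info = struct.pack("!H", length) + bytes([len(full)]) + full + bytes([len(context)]) + context
    out, t, i = b"", b"", 1
    while len(out) < length:                 # HKDF-Expand: T(i) = HMAC(secret, T(i-1) | info | i)
        t = hmac.new(secret, t + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + t, i + 1
    return out[:length]


def tls13_exporter(exporter_master_secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    """RFC 8446, section 7.5: Derive-Secret(Secret, label, "") then expand under
    "exporter" with Hash(context). The requested length is bound into the HKDF
    label, so a 16-byte export is not a prefix of the 32-byte one."""
    derived = hkdf_expand_label(exporter_master_secret, label, hashlib.sha256(b"").digest(), 32)
    return hkdf_expand_label(derived, b"exporter", hashlib.sha256(context).digest(), length)


def twin_credentials() -> dict:
    """Constructed handshake values standing in for what both twins hold after their
    TLS session; the label uses RFC 5705's EXPERIMENTAL prefix (private use) and the
    context binds the exported key to the pair of component identifiers (assumed)."""
    label = b"EXPERIMENTAL digital-twin-component-credential"
    context = b"sensor:SN-1001|plc:SN-2002"
    master_secret = bytes(range(48))                  # a TLS 1.2 master secret is 48 bytes
    client_random, server_random = bytes([0xA0]) * 32, bytes([0xB1]) * 32
    exporter_master_secret = bytes(range(32))         # TLS 1.3 with a SHA-256 suite
    return {
        "tls12": tls12_exporter(master_secret, client_random, server_random, label, context, 32),
        "tls13": tls13_exporter(exporter_master_secret, label, context, 32),
    }


if __name__ == "__main__":
    for version, key in twin_credentials().items():
        print(version, key.hex())
```

A context that names the pair of component identifiers stops a key exported for one pairing from being reused for another; the two twins must also agree on the label and the length, or they end up with two different credentials. Note the two version-specific traps: RFC 5705 distinguishes "no context" from an empty context, and in TLS 1.3 the requested length changes the derived value rather than just truncating it.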
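An environmental-parameter check of the kind the passages above describe (identical or within a threshold, plausibility against simulation data, and the chronological progression of earlier readings), as an added example not taken from the patent. The parameter types, thresholds, beacon identifiers and simulation series are constructed and assumed; in the invention the twins would obtain these values from the components' sensors and Bluetooth autodiscovery.

```python
from dataclasses import dataclass

# Assumed thresholds; the text only says the deviation must not exceed a threshold value.
MAX_TEMP_DELTA = 2.0          # degrees C between the two components' current readings
MIN_BEACON_OVERLAP = 0.5      # Jaccard overlap of the Bluetooth beacon sets both sides saw
MAX_MODEL_DEVIATION = 3.0     # degrees C between a reported reading and the simulation model


@dataclass(frozen=True)
class Environment:
    """Environmental parameters a twin holds for its component (constructed for the example)."""
    temperature_c: float
    beacon_ids: frozenset           # beacon identifiers found by autodiscovery
    temperature_history: tuple      # earlier readings, oldest first


def environments_match(a: Environment, b: Environment) -> bool:
    """Same place at the same time: temperatures within the threshold and enough
    overlap between the beacons the two components observed. No beacons at all
    means the location cannot be corroborated, which counts as a mismatch."""
    if abs(a.temperature_c - b.temperature_c) > MAX_TEMP_DELTA:
        return False
    union = a.beacon_ids | b.beacon_ids
    if not union:
        return False
    return len(a.beacon_ids & b.beacon_ids) / len(union) >= MIN_BEACON_OVERLAP


def plausible(env: Environment, simulated: tuple) -> bool:
    """Chronological check against simulation data for the same period (oldest
    first, one entry per reading including the current one): every reading must
    lie near the model, and consecutive readings must not jump."""
    readings = env.temperature_history + (env.temperature_c,)
    if len(readings) != len(simulated):
        return False
    if any(abs(r - s) > MAX_MODEL_DEVIATION for r, s in zip(readings, simulated)):
        return False
    return all(abs(r1 - r0) <= MAX_TEMP_DELTA for r0, r1 in zip(readings, readings[1:]))


def may_generate_credentials(a: Environment, b: Environment, simulated: tuple) -> bool:
    """The twins generate the proofs of authorization only if every check passes."""
    return environments_match(a, b) and plausible(a, simulated) and plausible(b, simulated)


def run_checks() -> dict:
    """Constructed readings: two co-located components, a remote one that reports a
    matching temperature but foreign beacons, and one with a history no hall shows."""
    model = (21.0, 21.0, 21.5)
    sensor = Environment(21.4, frozenset({"b1", "b2", "b3"}), (20.8, 21.1))
    plc = Environment(21.9, frozenset({"b2", "b3", "b4"}), (20.9, 21.3))
    remote = Environment(21.5, frozenset({"x9"}), (21.0, 21.2))
    erratic = Environment(21.5, frozenset({"b1", "b2"}), (5.0, 30.0))
    return {
        "sensor-plc": may_generate_credentials(sensor, plc, model),
        "sensor-remote": may_generate_credentials(sensor, remote, model),
        "sensor-erratic": may_generate_credentials(sensor, erratic, model),
    }


if __name__ == "__main__":
    print(run_checks())   # {'sensor-plc': True, 'sensor-remote': False, 'sensor-erratic': False}
```

The remote case is the one that matters for security: a single matching temperature value is easy to guess or replay, so the check also demands overlap in what both components actually observed nearby, and a history that a simulation of the hall would not produce is rejected even when the current reading looks fine.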
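A firewall filter policy as a twin might hand it down with the credential, limiting protocol, port and peer, with deep packet inspection of MQTT PUBLISH topics for the permissible data content, as an added example not from the patent. The rule format, the port, the topic prefixes and the packet builder are assumptions; the PUBLISH parser follows the MQTT 3.1.1 fixed-header layout.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    proto: str             # "tcp" or "udp"
    port: int
    peer: str              # identification info of the peer the credential was issued for
    topics: tuple = ()     # MQTT topic prefixes allowed by deep packet inspection; () = no DPI


def policy_from_twin(peer_id: str) -> list:
    """Assumed filter policy a twin hands down with the credential: MQTT over TLS
    (port 8883) to the trusted peer only, restricted to two topic subtrees."""
    return [Rule("tcp", 8883, peer_id, ("factory/line1/sensor/", "factory/line1/cmd/"))]


def encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer (7 bits per byte, MSB = continuation)."""
    out = b""
    while True:
        digit, n = n % 128, n // 128
        out += bytes([digit | 0x80 if n else digit])
        if not n:
            return out


def mqtt_publish_topic(packet: bytes):
    """Topic of an MQTT 3.1.1 PUBLISH packet, or None if it is not a well-formed
    PUBLISH. Layout: type/flags byte, Remaining Length varint (1-4 bytes),
    2-byte topic length, topic, [packet identifier], payload."""
    if not packet or packet[0] >> 4 != 3:
        return None
    i, mult, remaining = 1, 1, 0
    while True:
        if i >= len(packet) or i > 4:
            return None
        byte, i = packet[i], i + 1
        remaining += (byte & 0x7F) * mult
        if not byte & 0x80:
            break
        mult *= 128
    if len(packet) - i != remaining or remaining < 2:
        return None
    tlen = int.from_bytes(packet[i:i + 2], "big")
    topic = packet[i + 2:i + 2 + tlen]
    if len(topic) != tlen:
        return None
    try:
        return topic.decode("utf-8")
    except UnicodeDecodeError:
        return None


def build_publish(topic: str, payload: bytes) -> bytes:
    """Constructed QoS 0 PUBLISH packet for the example (no packet identifier)."""
    t = topic.encode()
    body = len(t).to_bytes(2, "big") + t + payload
    return b"\x30" + encode_remaining_length(len(body)) + body


def allowed(rules: list, proto: str, port: int, peer: str, payload: bytes) -> bool:
    """Default deny. A packet passes only if a rule matches protocol, port and peer
    and, when the rule carries topic prefixes, the PUBLISH topic is permitted."""
    for rule in rules:
        if (rule.proto, rule.port, rule.peer) != (proto, port, peer):
            continue
        if not rule.topics:
            return True
        topic = mqtt_publish_topic(payload)
        return topic is not None and topic.startswith(rule.topics)
    return False


if __name__ == "__main__":
    rules = policy_from_twin("plc:SN-2002")
    print(allowed(rules, "tcp", 8883, "plc:SN-2002", build_publish("factory/line1/sensor/temp", b"21.5")))
    print(allowed(rules, "tcp", 8883, "plc:SN-2002", build_publish("factory/line2/cmd/stop", b"")))
```

The parser refuses anything it cannot account for byte by byte (wrong packet type, an over-long Remaining Length, a length field that disagrees with the bytes present, a topic that is not UTF-8), and the policy treats "cannot parse" as "deny", which is the only safe reading for a filter whose job is to limit data content.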

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP21169167.0A EP4080846A1 (fr) 2021-04-19 2021-04-19 Connexion de communication protégée de manière cryptographique entre les composants physiques

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP21169167.0A EP4080846A1 (fr) 2021-04-19 2021-04-19 Connexion de communication protégée de manière cryptographique entre les composants physiques

Publications (1)

Publication Number Publication Date
EP4080846A1 (fr) 2022-10-26

Family

ID=75581472

Family Applications (1)

Application Number Title Priority Date Filing Date
EP21169167.0A Withdrawn EP4080846A1 (fr) 2021-04-19 2021-04-19 Connexion de communication protégée de manière cryptographique entre les composants physiques

Country Status (1)

Country Link
EP (1) EP4080846A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190268332A1 (en) * 2016-08-30 2019-08-29 Visa International Service Association Biometric identification and verification among iot devices and applications
WO2020221449A1 (fr) * 2019-04-30 2020-11-05 Telefonaktiebolaget Lm Ericsson (Publ) Fourniture de ressources pour entités mobiles

Similar Documents

Publication Publication Date Title
DE102014113582B4 (de) Vorrichtung, Verfahren und System für die kontextbewusste Sicherheitssteuerung in einer Cloud-Umgebung
EP3518492B1 (fr) Procédé et système de divulgation d'au moins une clé cryptographique
EP1320962B1 (fr) Procede de commande d'acces
EP3681102B1 (fr) Procédé de validation d'un certificat numérique d'utilisateur
WO2009106214A2 (fr) Système client/serveur de communication selon le protocole standard opc ua comportant des mécanismes d'authentification single sign-on et procédé d'exécution de single sign-on dans ce système
DE102022208744A1 (de) Sicherer fernzugriff auf geräte in sich überlappenden subnetzen
DE10296987T5 (de) Dynamische Konfiguration von Ipsec Tunneln
EP3661113A1 (fr) Procédé et dispositif de transfert des données dans un système de publication-abonnement
EP3058701B1 (fr) Procédé, dispositif de gestion et appareil pour l'authentification par certificat de partenaires de communication dans un appareil
WO2020229537A1 (fr) Procédé d'exécution sélective d'un conteneur et agencement de réseau
EP3759958B1 (fr) Méthode, appareil et produit-programme informatique pour la surveillance d'une liaison chiffrée dans un réseau
EP3935808B1 (fr) Fourniture d'un certificat numérique protégée de manière cryptographique
DE102017212474A1 (de) Verfahren und Kommunikationssystem zur Überprüfung von Verbindungsparametern einer kryptographisch geschützten Kommunikationsverbindung während des Verbindungsaufbaus
EP4080846A1 (fr) Connexion de communication protégée de manière cryptographique entre les composants physiques
EP1496664A2 (fr) Système, méthode et module de sécurité pour sécuriser l'accèss d'un utilisateur à au moins un composant d'automatisation d'un système d'automatisation
DE102015223078A1 (de) Vorrichtung und Verfahren zum Anpassen von Berechtigungsinformationen eines Endgeräts
DE60219915T2 (de) Verfahren zur Sicherung von Kommunikationen in einem Computersystem
EP3937451B1 (fr) Procédé de génération d'une connexion cryptée
EP4179758B1 (fr) Authentification d'un partenaire de communication sur un appareil
EP3881486B1 (fr) Procédé de fourniture d'un élément de preuve du lieu d'origine pour un couple de clé numérique
EP3442193B1 (fr) Procédé d'établissement d'un canal de communication entre un premier et un second dispositif serveur
EP3809661A1 (fr) Procédé d'authentification d'un dispositif client lors d'un accès à un serveur d'application
WO2017190857A1 (fr) Procédé et dispositif de sécurisation d'accès à des appareils
EP1496665B1 (fr) Procédé de configuration de sécurité dans un réseau d'automatisation
EP4152689A1 (fr) Procédé, produit-programme informatique et dispositif de création d'un certificat de fourniture sécurisée des prestations

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) EPC to a published international application that has entered the European phase (original code: 0009012)
STAA Information on the status of an EP patent application or granted EP patent (status: the application has been published)
AK Designated contracting states (kind code of ref document: A1; designated states: AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR)
STAA Information on the status of an EP patent application or granted EP patent (status: the application is deemed to be withdrawn)
2023-04-27 18D Application deemed to be withdrawn (effective date: 2023-04-27)